Attivo Networks Blogs

Attivo Networks adds response capabilities to deception deployments

With its Deception and Response Platform, Attivo Networks addresses the main weakness of most deception technology, having to rely on other programs to respond to an attack once revealed by the deception network.

Deception technology, deploying fake assets inside real networks to trick and catch attackers, shows an incredible amount of promise within cybersecurity as the technology grows. Even as hackers learn to expect that deception assets will be hidden among their targets, deception tools seem more than capable of keeping one step ahead. So long as the deceptive assets are supported with lures and breadcrumbs on production systems to make them look real, attackers will inevitably wander into the traps and reveal themselves.

However, not everything is perfect in the world of deception. Most of the programs in the market today, while very good at alerting to the presence of an attacker, do nothing in terms of remediation of the problem – other than perhaps to offload that responsibly to another program or to humans working a network SIEM module. In many ways, they end up being like the dog chasing cars in that old story, putting a ton of effort into catching their quarry, but almost no thought into what to do once they have successfully latched on.

The Attivo Deception and Response Platform aims to change all that, adding native and even automatic response capabilities to its already powerful deception frontend. This is coupled with other powerful tools and applications like internal sandboxing, ransomware protection, user training and even phishing sample submissions, all supported by robust, accurate deception.

Deploying Attivo

The Attivo platform is divided up into four components, BOTsink, ThreatStrike, ThreatPath and ThreatOPs. Together they form the complete detection and response capabilities, starting with deploying decoys and making them look like real clients, protecting credentials and preventing ransomware outbreaks, plotting the attack paths of attackers and blocking them from reentering a network once purged, and tracking everything in a ticketing system suitable for confirmation checking or auditing. But it all starts with deploying deception.

The platform is normally deployed on-premises as an appliance, though a cloud version is also available. (Our test was done with a physical server.) Each appliance can support up to 384 deception devices, which can take on the capabilities and configurations of real network assets like servers and clients, or even ones that are specific to certain industries like infusion drug pumps in healthcare or point of sale devices in retail. You simply load up the golden image for the device you want to deceptively replicate and have it deployed in a network in such a way as to mirror other real assets that it’s imitating. After that, decoys and lures are placed to make the deception points come alive and appear to be in constant use.


Share on:

Free Active Directory Assessment

Get Visibility Into Privilege And Service Account Exposure

For a limited time, Attivo Networks is providing free Active Directory Security Assessments to demonstrate how ADAssessor provides unprecedented and continuous visibility to AD vulnerabilities.

Try Our Endpoint Detection Net (EDN) for Free


Free use offer of our Award-winning security solution to prevent attackers from lateral movement, credential theft, and privilege escalation, fast and easy.

Newsletter Signup

    Yes, please opt me in to receive your quarterly newsletter, event invitations, and product updates.

    I understand that I can opt out at any time, and can refer to Attivo Networks Privacy Policy for more information.
  • This field is for validation purposes and should be left unchanged.

ADSecure 90-Day Free Trial


  • Hide and deny access to AD objects
  • Get alerted on unauthorized queries
  • Attack details easily viewable in dashboard
  • Your data remains on-premise


Leave a Comment

Your email address will not be published.

six + 8 =

Ready to find out what’s lurking in your network?

Scroll to Top